Sony patched up to 20 exploits with Vita firmware 3.00

We’ve mentioned several times in the past few days that firmware 3.00 has been a surprise to some of the veterans in the PSP/Vita scene, as Sony has patched several undisclosed PSP exploits with this update.

It is fairly rare for Sony to patch an exploit before it gets publicly released, even more so when it comes to exploits in the PSP emulator, which in the two years of the Vita’s existence haven’t proven to be a security or business threat to Sony.

Nevertheless, firmware 3.00 appears to contain patches for several exploits that were probably known only to a handful of people. Firmware 3.00 contains the typical “blacklist” patches in savedata_utility.prx, but apparently also deeper fixes in the PSP kernel.

savedata_utility.prx is a file that contains (among other things) a blacklist of exploits. I described that file a while ago here: “When the PSP and the Vita show their battle scars”. With firmware 3.00, the savedata_utility.prx blacklist has been updated to block the “pawa pro” exploit from 173210 (this was expected), but also Frostegater’s Fieldrunners and Pipe Madness exploits and Yosh’s Half Minute Hero exploit, none of which had been publicly disclosed before the 3.00 release.

In addition to those, somewhere between 10 and 20 other undisclosed game exploits have been added to the blacklist, which means those exploits are now technically patched. (I have been asked by my sources not to be more precise than that.)

It does not stop there, though, as it appears some techniques used in VHBL to increase compatibility are now patched in the PSP kernel. In general the patches do not prevent VHBL from running, but they limit the compatibility of some homebrews. Acid_Snake discussed this at length in his rant to Sony.

Vita firmware 3.00 has put serious limits on ongoing efforts to open the PSP emulator within the Vita. However, many devs/hackers have contacted me to let me know that their own exploit wasn’t impacted, or that they had found workarounds. Total Noob’s long-awaited TN-V4, an upcoming kernel exploit within the PSP emulator on the Vita, does not seem to be impacted.

To me the big remaining question is the source of these fixes. Do you think Sony have a team looking for exploits in their PSP games? Or do they get contacted independently?


wololo


It must be on their end somehow. If nobody is disclosing the names of exploited games, it could be some sort of detection system added in 2.61. My friend on PS3 once noticed (through PSN) that I was running a SNES emulator. As devs are using private exploits while connected to PSN, it may be red-flagging Sony. This is just a thought, as I have no idea about the inner workings of the Vita. Can anyone add anything to this theory?

Unless you were using an SNES emulator on a PS3 that has CFW, there isn’t any way for them to see what homebrew you’re using on a Vita. VHBL is running within a game in the pspemu, and the homebrew subsequent of that. Using VHBL is masked by the game you are playing.

There might be a double agent. Or I saw some people in this scene showing their MAC addresses in tutorials (or simply their PSN ID). Maybe they are tracking your purchases to narrow down what games could be exploited and, well... trying to exploit them. I would recommend that you burn every trusted hacker and start the “Circle of trust” from scratch.

Well, if I look at the number of existing “private” exploits and compare it to the number of serious “hackers” out there, it’s not too difficult to find them. The problem is only limited to the cost of trying out every single mini game. Since this is priceless for Sony, it’s probably enough to have one guy sitting there all day long, trying to create a buffer overflow in every single PSP game. I guess this is the easiest way to find a large number of exploits. If they don’t have their own “hacker”, there might be one out there telling them the exploits he or she has found for a certain amount of money. Let’s say 100 bucks per game or whatever. There will probably be many people out there willing to do this for some amount of money.

The bigger problem in my opinion is that we probably won’t have another exploited game released with TN-V. It might still be working on the remaining exploitable games, but the value of such a game could be too great to release it just for the fame, and at the same time lose it with the next patch. I’m guessing that TN or other guys who still have a handful of games won’t share them. At least I wouldn’t, if I had them. Those who shared a game or two in the past probably had 5 or 10 exploits running, ensuring that they can continue their work after the next patch. The only reason to make an exploit publicly known is to get some fame and still be able to continue working with other exploits after the public one gets patched. No one is going to release their one and only known exploit. Possibly not even if he or she has two or three exploits. That’s what I think. So I guess the PSP emulator will be closed for a loooong time.

Of course I still HOPE to see another exploitable game, but I don’t think so. At least not very soon. I can imagine the next official patches will maybe close another 10 exploits, maybe some that aren’t known at all. Because Sony has proven to us that they are willing to test, test and test as much as they can. And believe me, they have the means to test A LOT... I’m staying at 2.61 these days.

Said mostly, I mean there are like way over five hundred PSP games since the PSP came out, not counting minis, so you would think there’d be a lot of games. Even with the PSP there were a lot of updates. Weird though, it’s just a PSX in a PS2.

Can anyone help? I’m a little confused. I thought usermode exploits could only be usermode, but somehow TN-V4 is being ported to them all. How can this be if it doesn’t have access to the kernel commands in, say, Fieldrunners, which runs in “userland”? Maybe I’m just stupid, any help guise?

The usermode exploit and the kernel exploit are two different things. A kernel exploit isn’t in the game, but in the pspemu itself. A usermode exploit is simply necessary to be able to run the code that triggers the kernel exploit. This is why any firmware below 2.02 can run the kernel exploit that was released with UNO, and any firmware (with a usermode exploit) will be able to run the TN-V4 kernel exploit until it is patched after release in 3.01 or higher.

There may be a tiny chance of Sony introducing a new bug that leads to a kernel exploit, but it’s 99% certain that any kernel exploit has always existed in the pspemu and will work on any firmware below the one on which it is released. Unless, of course, it is caught in a wave of unexpected patching like these usermode exploits in 3.00.

So, in summary, usermode and kernel exploits are two different bugs in two different places; you just happen to need a usermode exploit in order to launch the kernel exploit. (The usermode exploit is in the specific game, the kernel exploit is in the PSP emulator.)

It’s well known that the largest companies like Sony or Microsoft hire people just for playing, hacking or crashing their games to fix all the vulnerabilities for their consoles, and the VHBL and TN topic is gaining fame (I’m from Mexico and even here we’re tracking down all updates from this scene). So I believe that they’ve got a team doing just what you do, but to make the patches before the game exploits get to the public. To finish, I want to congratulate everybody working on Vita hacking, because Sony are selling us the save space to buy their games at a very high price, i.e. here a 32GB Vita memory card costs about $120-130 US dollars.

Here’s my two cents: I don’t think Sony are actively looking for exploits. What I think is that when we released the Arcade games exploits, they realized that publishers tend to reuse the same engine and code on all their games, so a publisher with a game that has a vulnerability has other potential games with similar vulnerabilities. Sony simply looked into other games from publishers with an already known game exploit. Take a look at who made each of the private exploits that got patched; chances are it’s the maker of another game that did go public. They just connected the dots. As for the utility thing, well, it’s safe to assume that TN releasing his test binaries was the cause of it, as they hint at where the kxploit is (although not at the kxploit itself), so it’s natural that Sony at least tried to decrease the number of games that have access to those utilities.

Maybe they should not release all exploits, considering the possibility that in the next firmware update the patches are removed, and people on lower firmware can still put them on their Vitas using the Open CMA or Charles method. Just a wild guess.

I don’t like this idea because the “common denominator” would likely point to people I trust a lot on the scene, including... myself. It just doesn’t make sense. Acid_Snake’s explanation (they audited games from the same development studios that had been exploited in the past) is much more likely.

I’ve been following for some time now. I tried to make my Vita “more PSP friendly” when I had 2.06... utter failure. Can anyone help me step by step so I am ready for an exploit that comes out for 3.0? Pretty please. Also, you must know that I am an idiot and need to be handled with kid gloves when it comes to ‘technical jargon’.

They got us in a corner. I’m getting closer and closer to putting up my white Vita with the UNO exploit. I’m just tired of the lack of games. Tired of the limited OS and bugs. Tired of this 4-core device being wasted. Things have changed, they won’t ever be the same. We have begun an era of secure devices; exploits are a thing of the past.

In the process of trying to get VHBL + Fieldrunners, I updated my Vita to 3.0 accidentally. I know there’s no current exploits released... but I was wondering where I can find these “ninja releases”, as I would like to beat Sony to their next patch. I check wololo daily, but I’d rather know for certain that I’m not just looking in the wrong area altogether.
